From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 3 Nov 2020 17:51:38 +0000 (+0100)
Subject: Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths
X-Git-Tag: openssl-3.0.0-alpha9~117
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8701e25239dc3d0c9d871e53873f592420f71d0;p=thirdparty%2Fopenssl.git

Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths

Also check for malloc failure and do not add '/' when
$OPENSSL_CONF_INCLUDE already ends with directory separator.

Fixes #13302

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)
---

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 63dfaef4d82..dd2d16647a4 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -414,12 +414,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 if (!str_copy(conf, psection, &include, p))
                     goto err;
 
-                if (include_dir != NULL) {
+                if (include_dir != NULL && !ossl_is_absolute_path(include)) {
                     size_t newlen = strlen(include_dir) + strlen(include) + 2;
 
                     include_path = OPENSSL_malloc(newlen);
+                    if (include_path == NULL) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(include);
+                        goto err;
+                    }
+
                     OPENSSL_strlcpy(include_path, include_dir, newlen);
-                    OPENSSL_strlcat(include_path, "/", newlen);
+                    if (!ossl_ends_with_dirsep(include_path))
+                        OPENSSL_strlcat(include_path, "/", newlen);
                     OPENSSL_strlcat(include_path, include, newlen);
                     OPENSSL_free(include);
                 } else {